Remove the htp user firewall exception.

config/chroot_local-includes/etc/firewall.conf

@@ -12,18 +12,11 @@
 # Established outgoing connections are accepted.
 [0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
-# Note: this must run before traffic is dispatched to the lan rule.
-# The htp user is allowed to connect to services listening on the https port...
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j ACCEPT
-# ... and to services listening on the domain port.
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j ACCEPT
-[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j ACCEPT
-
 # Internal network connections are accepted.
 [0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
 
 # Local network connections should not go through Tor but DNS shall be
-# rejected - apart for the htp user.
+# rejected.
 [0:0] -N lan
 [0:0] -A lan -p TCP --dport domain -j REJECT
 [0:0] -A lan -p UDP --dport domain -j REJECT
@@ -65,12 +58,6 @@ COMMIT
 # i2p is allowed to do anything it wants to.
 [0:0] -A OUTPUT -m owner --uid-owner i2psvc -j RETURN
 
-# The htp user is allowed to connect to services listening on the https port...
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j RETURN
-# ... and to services listening on the domain port.
-[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j RETURN
-[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j RETURN
-
 # .onion mapped addresses redirection to Tor.
 [0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j REDIRECT --to-ports 9040